package com.nbsaas.boot;

import com.nbsaas.boot.sql.SqlCondition;
import com.nbsaas.boot.sql.SqlWhereAppender;
import com.nbsaas.boot.sql.SqlInjectionChecker;
import lombok.Data;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;

//TIP To <b>Run</b> code, press <shortcut actionId="Run"/> or
// click the <icon src="AllIcons.Actions.Execute"/> icon in the gutter.
public class Main {
    public static void main(String[] args) throws Exception {
        long timestamp = 1751426706L * 1000; // 秒转毫秒
        Date time=new Date(timestamp);
        System.out.println(time.toLocaleString());
        System.out.println("=== SQL WHERE 条件拼接演示 ===");
        testNormalSqlAppend();
        
        System.out.println("\n=== SQL 注入检查演示 ===");
        testSqlInjectionChecker();
        
        System.out.println("\n=== 安全的 SQL 拼接演示 ===");
        testSafeSqlAppend();
    }
    
    /**
     * 正常的SQL拼接演示
     */
    private static void testNormalSqlAppend() throws Exception {
        List<SqlCondition> conditions = new ArrayList<>();

        conditions.add(new SqlCondition("tenant_id", "=", "T123"));
        conditions.add(new SqlCondition("created_at", ">=", "2025-01-01"));
        conditions.add(new SqlCondition("name", "LIKE", "%张%"));
        conditions.add(new SqlCondition("state", "IN", Arrays.asList("A", "B", "C")));
        conditions.add(new SqlCondition("score", "BETWEEN", 60, 90));

        String newSql = SqlWhereAppender.append("SELECT * FROM users WHERE deleted = 0", conditions);
        System.out.println("拼接后的SQL: " + newSql);
    }
    
    /**
     * SQL注入检查演示
     */
    private static void testSqlInjectionChecker() {
        System.out.println("1. 检查安全的SQL:");
        String safeSql = "SELECT * FROM users WHERE id = 123";
        SqlInjectionChecker.SqlInjectionResult result1 = SqlInjectionChecker.checkSql(safeSql);
        System.out.println("SQL: " + safeSql);
        System.out.println("检查结果: " + result1.getMessage());
        System.out.println("是否有风险: " + result1.hasRisk());
        
        System.out.println("\n2. 检查包含注入的SQL:");
        String maliciousSql = "SELECT * FROM users WHERE id = 1 OR 1=1 --";
        SqlInjectionChecker.SqlInjectionResult result2 = SqlInjectionChecker.checkSql(maliciousSql);
        System.out.println("SQL: " + maliciousSql);
        System.out.println("检查结果: " + result2.getMessage());
        System.out.println("是否有风险: " + result2.hasRisk());
        System.out.println("风险详情: " + result2.getRiskDetails());
        
        System.out.println("\n3. 检查UNION注入:");
        String unionSql = "SELECT name FROM users WHERE id = 1 UNION SELECT password FROM admin";
        SqlInjectionChecker.SqlInjectionResult result3 = SqlInjectionChecker.checkSql(unionSql);
        System.out.println("SQL: " + unionSql);
        System.out.println("检查结果: " + result3.getMessage());
        System.out.println("是否有风险: " + result3.hasRisk());
        
        System.out.println("\n4. 检查参数注入:");
        String maliciousParam = "'; DROP TABLE users; --";
        SqlInjectionChecker.SqlInjectionResult result4 = SqlInjectionChecker.checkParameter(maliciousParam);
        System.out.println("参数: " + maliciousParam);
        System.out.println("检查结果: " + result4.getMessage());
        System.out.println("是否有风险: " + result4.hasRisk());
        
        System.out.println("\n5. 检查SQL条件列表:");
        List<SqlCondition> safeConditions = Arrays.asList(
            new SqlCondition("name", "=", "张三"),
            new SqlCondition("age", ">=", 18)
        );
        SqlInjectionChecker.SqlInjectionResult result5 = SqlInjectionChecker.checkConditions(safeConditions);
        System.out.println("安全条件检查结果: " + result5.getMessage());
        
        List<SqlCondition> maliciousConditions = Arrays.asList(
            new SqlCondition("name", "=", "张三"),
            new SqlCondition("id", "=", "1 OR 1=1")
        );
        SqlInjectionChecker.SqlInjectionResult result6 = SqlInjectionChecker.checkConditions(maliciousConditions);
        System.out.println("恶意条件检查结果: " + result6.getMessage());
        System.out.println("是否有风险: " + result6.hasRisk());
    }
    
    /**
     * 安全的SQL拼接演示
     */
    private static void testSafeSqlAppend() {
        System.out.println("1. 安全的SQL拼接:");
        try {
            List<SqlCondition> safeConditions = Arrays.asList(
                new SqlCondition("tenant_id", "=", "T123"),
                new SqlCondition("name", "LIKE", "%张%"),
                new SqlCondition("status", "=", "ACTIVE")
            );
            
            String safeSql = SqlInjectionChecker.safeAppend(
                "SELECT * FROM users WHERE deleted = 0", 
                safeConditions
            );
            System.out.println("安全拼接成功: " + safeSql);
        } catch (Exception e) {
            System.out.println("拼接失败: " + e.getMessage());
        }
        
        System.out.println("\n2. 检测到注入风险的SQL拼接:");
        try {
            List<SqlCondition> maliciousConditions = Arrays.asList(
                new SqlCondition("tenant_id", "=", "T123"),
                new SqlCondition("id", "=", "1 OR 1=1 --")
            );
            
            String maliciousSql = SqlInjectionChecker.safeAppend(
                "SELECT * FROM users WHERE deleted = 0", 
                maliciousConditions
            );
            System.out.println("拼接结果: " + maliciousSql);
        } catch (SqlInjectionChecker.SqlInjectionException e) {
            System.out.println("检测到注入风险，拼接被阻止: " + e.getMessage());
        } catch (Exception e) {
            System.out.println("其他错误: " + e.getMessage());
        }
        
        System.out.println("\n3. 原始SQL就存在风险的情况:");
        try {
            List<SqlCondition> conditions = Arrays.asList(
                new SqlCondition("name", "=", "张三")
            );
            
            String maliciousSql = SqlInjectionChecker.safeAppend(
                "SELECT * FROM users WHERE id = 1 OR 1=1", 
                conditions
            );
            System.out.println("拼接结果: " + maliciousSql);
        } catch (SqlInjectionChecker.SqlInjectionException e) {
            System.out.println("原始SQL存在风险，拼接被阻止: " + e.getMessage());
        } catch (Exception e) {
            System.out.println("其他错误: " + e.getMessage());
        }
    }
}